diff options
author | Christian Grothoff <christian@grothoff.org> | 2017-04-23 20:07:10 +0200 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2017-04-23 20:07:10 +0200 |
commit | e95ec4874da57b153ecea27fa553ae8a19b4a280 (patch) | |
tree | afbd7a561a26bdcc30e7876a46f613fbb4b7700d | |
parent | ef49636130061c379821d60c58ef51468bf9e039 (diff) | |
download | libmicrohttpd-e95ec4874da57b153ecea27fa553ae8a19b4a280.tar.gz libmicrohttpd-e95ec4874da57b153ecea27fa553ae8a19b4a280.zip |
enforce RFC 7230 no-whitespace in header field name rule if MHD_USE_PEDANTIC_CHECKS is set
-rw-r--r-- | ChangeLog | 4 | ||||
-rw-r--r-- | src/examples/minimal_example.c | 2 | ||||
-rw-r--r-- | src/microhttpd/connection.c | 16 | ||||
-rw-r--r-- | src/microhttpd/digestauth.c | 2 |
4 files changed, 22 insertions, 2 deletions
@@ -1,3 +1,7 @@ | |||
1 | Sun Apr 23 20:05:44 CEST 2017 | ||
2 | Enforce RFC 7230's rule on no whitespace in HTTP header | ||
3 | field names if MHD_USE_PEDANTIC_CHECKS is set. -CG | ||
4 | |||
1 | Sun Apr 23 19:20:33 CEST 2017 | 5 | Sun Apr 23 19:20:33 CEST 2017 |
2 | Replace remaining occurences of sprintf() with | 6 | Replace remaining occurences of sprintf() with |
3 | MHD_snprintf_(). Thanks to Ram for pointing this out. -CG | 7 | MHD_snprintf_(). Thanks to Ram for pointing this out. -CG |
diff --git a/src/examples/minimal_example.c b/src/examples/minimal_example.c index b6e5edc3..c5796fc8 100644 --- a/src/examples/minimal_example.c +++ b/src/examples/minimal_example.c | |||
@@ -68,7 +68,7 @@ main (int argc, char *const *argv) | |||
68 | return 1; | 68 | return 1; |
69 | } | 69 | } |
70 | d = MHD_start_daemon (// MHD_USE_INTERNAL_POLLING_THREAD | MHD_USE_ERROR_LOG, | 70 | d = MHD_start_daemon (// MHD_USE_INTERNAL_POLLING_THREAD | MHD_USE_ERROR_LOG, |
71 | MHD_USE_AUTO | MHD_USE_INTERNAL_POLLING_THREAD | MHD_USE_ERROR_LOG, | 71 | MHD_USE_AUTO | MHD_USE_INTERNAL_POLLING_THREAD | MHD_USE_PEDANTIC_CHECKS | MHD_USE_ERROR_LOG, |
72 | // MHD_USE_INTERNAL_POLLING_THREAD | MHD_USE_ERROR_LOG | MHD_USE_POLL, | 72 | // MHD_USE_INTERNAL_POLLING_THREAD | MHD_USE_ERROR_LOG | MHD_USE_POLL, |
73 | // MHD_USE_THREAD_PER_CONNECTION | MHD_USE_INTERNAL_POLLING_THREAD | MHD_USE_ERROR_LOG | MHD_USE_POLL, | 73 | // MHD_USE_THREAD_PER_CONNECTION | MHD_USE_INTERNAL_POLLING_THREAD | MHD_USE_ERROR_LOG | MHD_USE_POLL, |
74 | // MHD_USE_THREAD_PER_CONNECTION | MHD_USE_INTERNAL_POLLING_THREAD | MHD_USE_ERROR_LOG, | 74 | // MHD_USE_THREAD_PER_CONNECTION | MHD_USE_INTERNAL_POLLING_THREAD | MHD_USE_ERROR_LOG, |
diff --git a/src/microhttpd/connection.c b/src/microhttpd/connection.c index da54bf1a..cbac8447 100644 --- a/src/microhttpd/connection.c +++ b/src/microhttpd/connection.c | |||
@@ -2213,6 +2213,22 @@ process_header_line (struct MHD_Connection *connection, | |||
2213 | _("Received malformed line (no colon). Closing connection.\n")); | 2213 | _("Received malformed line (no colon). Closing connection.\n")); |
2214 | return MHD_NO; | 2214 | return MHD_NO; |
2215 | } | 2215 | } |
2216 | if (0 != (MHD_USE_PEDANTIC_CHECKS & connection->daemon->options)) | ||
2217 | { | ||
2218 | /* check for whitespace before colon, which is not allowed | ||
2219 | by RFC 7230 section 3.2.4; we count space ' ' and | ||
2220 | tab '\t', but not '\r\n' as those would have ended the line. */ | ||
2221 | const char *white; | ||
2222 | |||
2223 | white = strchr (line, ' '); | ||
2224 | if ( (NULL != white) && | ||
2225 | (white < colon) ) | ||
2226 | return MHD_NO; | ||
2227 | white = strchr (line, '\t'); | ||
2228 | if ( (NULL != white) && | ||
2229 | (white < colon) ) | ||
2230 | return MHD_NO; | ||
2231 | } | ||
2216 | /* zero-terminate header */ | 2232 | /* zero-terminate header */ |
2217 | colon[0] = '\0'; | 2233 | colon[0] = '\0'; |
2218 | colon++; /* advance to value */ | 2234 | colon++; /* advance to value */ |
diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c index 8b219296..7ade4542 100644 --- a/src/microhttpd/digestauth.c +++ b/src/microhttpd/digestauth.c | |||
@@ -413,7 +413,7 @@ check_nonce_nc (struct MHD_Connection *connection, | |||
413 | { | 413 | { |
414 | /* Fresh nonce, reinitialize array */ | 414 | /* Fresh nonce, reinitialize array */ |
415 | strcpy (nn->nonce, | 415 | strcpy (nn->nonce, |
416 | nonce); | 416 | nonce); |
417 | nn->nc = 0; | 417 | nn->nc = 0; |
418 | nn->nmask = 0; | 418 | nn->nmask = 0; |
419 | MHD_mutex_unlock_chk_ (&daemon->nnc_lock); | 419 | MHD_mutex_unlock_chk_ (&daemon->nnc_lock); |